Overview

overview

10

Static

static

3

SquirrelsA...64.exe

windows7-x64

6

SquirrelsA...64.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SquirrelsAirParrot3.1.6.154x64.exe

  • Size

    74.2MB

  • Sample

    231003-rpxskadd78

  • MD5

    1f469e17a69f8dc26c13dd68cbf59d6e

  • SHA1

    0865701898bc8ef00e9d03e0b3e3d43ac73fd095

  • SHA256

    c71db27a938e47e9bb32898f9f0b1381627f418beaa1ce5154f05c61aedb7018

  • SHA512

    cdf9f09edf811b5d9e25bc467e6e2c3cd319e3346874ead53cdbe79b2f9a82e6dc71f6781099256dd384a5a3ae06a15c1e7d3f1c38276531bd7314104ff9af90

  • SSDEEP

    1572864:tyvNrd/kpAWOx64eacW5VOG+1QtY3F7OKe15ZYWhpgADakr9e:tylrdcpAlR5VOdm+7OKu5fhyAukA

Score
10/10
evasiontrojan

Malware Config

Targets

    • Target

      SquirrelsAirParrot3.1.6.154x64.exe

    • Size

      74.2MB

    • MD5

      1f469e17a69f8dc26c13dd68cbf59d6e

    • SHA1

      0865701898bc8ef00e9d03e0b3e3d43ac73fd095

    • SHA256

      c71db27a938e47e9bb32898f9f0b1381627f418beaa1ce5154f05c61aedb7018

    • SHA512

      cdf9f09edf811b5d9e25bc467e6e2c3cd319e3346874ead53cdbe79b2f9a82e6dc71f6781099256dd384a5a3ae06a15c1e7d3f1c38276531bd7314104ff9af90

    • SSDEEP

      1572864:tyvNrd/kpAWOx64eacW5VOG+1QtY3F7OKe15ZYWhpgADakr9e:tylrdcpAlR5VOdm+7OKu5fhyAukA

    Score
    10/10
    evasiontrojan

    • Modifies firewall policy service

      evasion

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks